Asia ERM Newsletter

february 2014
asia
ERM newsletter
country spotlight
1
milliman insight
3
thought leadership on erm
6
erm tools
7
Asia ERM newsletter
february 2014
Milliman Asia ERM Newsletter
We are pleased to present the inaugural Milliman Asia ERM Newsletter.
Through this publication, we aim to bring you the latest developments and
insights into the burning issues from the rapidly evolving field of enterprise
risk management (ERM) from across the Asia Pacific region.
ERM activity in the insurance sector is accelerating at a rapid pace around the region, especially
since a number of regulators have introduced Own Risk and Solvency Assessments (ORSA). Even in
countries where ORSA has not been introduced yet, there is an increased interest and engagement
with risk management as managers come to realise the value that ERM can add to their business
through enhanced business resilience.
Over the past year, the attendance at ERM seminars has increased rapidly across the region. Milliman
has sponsored ERM seminars in the region and our ERM experts have spoken at conferences held in
Australia, China, India, Singapore and Thailand.
This issue covers the following:
-- An update on the ERM related regulatory and market developments from India, Singapore
and Thailand.
-- An article by Neil Cantle on the complexity of risk in any business and how best to capture this
complexity in the ORSA.
We hope you find this first edition interesting, and we look forward to receiving your feedback.
RICHARD HOLLOWAY
Managing Director
Southeast Asia
& India Life
MICHAEL DALY
Principal and
Consulting Actuary
WING WONG
Principal and
Consulting Actuary
country spotlight
India
Significant
risk events
Following a sting by online magazine
Cobrapost relating to breaches of antimoney laundering (AML) and know your
customer (KYC) guidelines by leading banks
and their life insurance partners, the Reserve
Bank of India (RBI) has levied heavy fines on
31 banks and has sent out cautionary letters
to the remaining banks operating in India.
The Insurance Regulatory and Development
Authority (IRDA) has also initiated probes
against the insurance companies named
in the sting. Leading banks and insurance
companies have set up internal investigation
teams and have started suspending
errant employees.
The IRDA has also imposed a fine of INR31
million on Bajaj Allianz Life for violation of
the distributor compensation norms and its
refusal to honour policyholder claims. This is
the highest-ever penalty handed out by the
IRDA and is part of its recent crack-down on
breaches by insurers on its regulations on
distributor compensation.
Devastating floods in the Northern state
of Uttarakhand have led to large-scale
destruction of life, property, vehicles and
projects in the state. Insurance companies
have set up simplified claims settlement
processes for the victims/beneficiaries of
these floods. While insurance companies
are still in the process of settling claims,
initial loss estimates from general insurance
companies are as high as INR30 billion.
Policyholder complaints against life
insurance companies have grown 9.2% over
the past year. In the same period, complaints
against general insurance companies have
declined by 15%. The nature of complaints
includes mis-selling, sales related fraud
and non-refund of premiums on policies
cancelled during the free-look period.
Regulations
The solvency requirements for insurance
companies in India are currently calculated
using a formula-based approach. Since
March 2010, insurance companies have
been required to submit their economic
capital calculations, based on draft
guidelines issued by the IRDA, along with
their annual statutory submissions. However,
in the midst of continuing product related
regulations and in the absence of a member
actuary at the IRDA, these guidelines are yet
to be finalised.
With the aim of expanding risk management
practices in the insurance industry, the
IRDA has issued guidelines which extend
the definition of key persons to include the
positions of chief risk officer and compliance
officer. Apart from these two positions,
the definition of key persons already
includes the chief executive officer, chief
marketing officer, appointed actuary, chief
investment officer, chief of internal audit and
chief finance officer positions. Insurance
companies are required to submit the details
of the key persons to the IRDA within 30
days of the issuance of these guidelines
and any changes to the key persons or their
particulars on a regular basis. Individuals are
allowed to hold more than one key person
position as long as there is no potential
conflict of interest.
Conferences
and events
Milliman’s Joshua Corrigan recently
presented at the Second Seminar on
Enterprise Risk Management (ERM) held in
Gurgaon by the Institute of Actuaries of India.
The speakers at this well-attended seminar
included key risk professionals from India
and abroad, who presented on hot topics in
the area of ERM. Josh’s presentation on the
Innovations in integrating operational risk
measurement and management was thought
provoking and was very well received by
the attendees.
1
singapore
IMF assessment
As part of its Financial Stability
Assessment Program (FSAP), the
International Monetary Fund (IMF) has
rated the regulation and supervision of
Singapore’s financial sector as being
among the best globally. However, it has
also highlighted that Singapore is exposed
to a broad array of domestic
and global risks, especially in light of
its interconnectedness with other
financial centres.
Domestically, the rapid growth of credit
and real estate prices in recent years has
been identified as a cause of vulnerability.
Globally, possible spill-overs from a
future tightening of US monetary policy,
an economic slowdown in China or a
deterioration of economic conditions in
Europe are seen as the main risks to
Singapore’s financial system.
With regard to the insurance sector, the
report identified potential vulnerabilities
from guaranteed returns under some
policies, relatively high exposure to
equities and exposure to catastrophe
risks arising from the rapid growth in the
offshore sector.
While the IMF concluded in its report
that these risks are manageable based
on stress test results and various actions
taken by the Monetary Authority of
Singapore (MAS) to address these risks,
it still recommends continuous monitoring
of the economic and market conditions
and further strengthening of regulation
and supervision.
Asia ERM newsletter
february 2014
Regulatory
developments
MAS Notice 126 was introduced by the
MAS on 2 April 2013. This notice introduces
ERM requirements on the insurance industry,
and sets out both mandatory requirements
and non-mandatory standards for all
registered insurers, including the need to
establish an ERM framework, a process
for risk identification and risk measurement,
the establishment of a risk management
policy, establishing and maintaining a risk
tolerance statement, a process for ensuring
risk responsiveness, the establishment of
feedback loop and a formal requirement to
perform an ORSA. Based on the MAS’s
schedule, Tier 1 insurers are required to
submit a board-approved ORSA report to
the regulator on an annual basis, starting
31 December 2014. Other insurers need to
submit their report once every three years,
starting 31 December 2015 (with a need to
maintain an internal ORSA from 2014).
In light of evolving market practices and
global regulatory developments, the MAS
is embarking on a review of the current
risk-based capital (RBC) framework, which
was introduced in Singapore in 2004. The
MAS sent out a consultation paper regarding
this review (termed as RBC2 review) to
the industry in June 2012. This consultation
paper set out proposals for the new RBC2
framework which was intended to capture
some of the recent regulatory developments
in some of the more the advanced markets
(e.g. Solvency II in Europe) and to better
reflect the risks insurers face in the proposed
capital and solvency requirements. After the
consultation paper was issued, the MAS
received feedback from the industry, through
a working party formed by the Life Insurance
Association of Singapore (LIA) and other
sources. Based on a recent update from
the MAS, insurers will be asked to perform
a quantitative impact study (QIS) on the
proposed changes in the first quarter of
2014, following which we can expect the
MAS to refine the proposed framework
before formal introduction later this year.
Thailand
Natural disasters
The large scale devastation caused by the
2011 floods took the insurance industry
by surprise. Following the event, insurers
in Thailand consider floods to be their
primary loss drivers, replacing earthquakes
and typhoons. Following the floods, several
risk management initiatives were launched
in Thailand, including the improvement
of Thai flood modelling service, and the
development of risk mappers to help
insurers track and analyse their exposures
to flood.
Political risk
There have been escalating political
tensions and large-scale protests sparked
initially over a controversial proposed
bill that would have provided amnesty
to the deposed former Prime Minister,
Thaksin Shinawatra, allowing him to return
from self-imposed exile without having
to face corruption charges. A general
election was held on 2 February 2014,
but a boycott of the election by the
main opposition party and disruption of
the voting process in many areas of the
country means that there is uncertainty as
to whether the election result will be valid
and a new government can be formed.
The on-going political standoff threatens
to impact currency and financial markets
and economic growth, and increases
operational risk exposure for companies
operating in Thailand. As a consequence,
several insurers have been giving more
focus to enhancing and testing their
business continuity planning procedures.
2
Regulatory
developments
The Office of Insurance Commission (OIC)
has taken an active role in recent years in
introducing a number of initiatives in the area
of ERM:
ƒƒ In the 2011 Stress Testing Conceptual
Paper, four new Insurance Core
Principle (ICP) Standards, Guidance
and Assessment Methodology have
been incorporated. The fundamentals of
these ICPs include the understanding
of insurance companies’ risks, corporate
governance and compliance.
ƒƒ Stress testing was introduced in 2012,
and insurance companies are carrying out
Quantitative Impact Study (QIS) exercises
so that the stress test requirements can
be finalised.
ƒƒ The framework of risk-based capital
(RBC) Phase 2, which will make
changes to the current RBC framework
introduced with effect from September
2011, is currently under consultation with
the industry.
ƒƒ OIC also aims to introduce ORSA as
a subsequent component of the Thai
solvency framework.
Conferences
and events
The Thai Life Assurance Association
(TLAA) hosted an ORSA conference in
Bangkok on 22 November 2013. This was
attended by the OIC, TLAA members, senior
executives from life insurers in Thailand and
risk management practitioners from other
Asian markets. Milliman was a co-sponsor
of this event, delivering a presentation on
innovations in risk management.
milliman insight
all in the
risk mix
When we look at the risk strategy our
business is trying to deliver we see a
forest of multiple factors which depend on
other factors, which in turn interact with
others. It is hard to see the wood for the
trees and make sense of it all. Insurance
companies are moving into a regulatory
regime which requires an Own Risk and
Solvency Assessment (ORSA) exercise—a
formal assessment of the risks they face,
the resources available to meet them and
clear communication about how they intend
to manage them.
Risk management is an evolving discipline—
historically more about hazard avoidance and
mitigation but increasingly about insights into
business performance and resilience. So
how should one go about trying to unearth
the uncertainties inherent in a modern
insurance company and make sense
of them?
As described in Allan, Cantle, et. al. (2012),
For complex systems, like an economy or
financial organisations, a new paradigm
or philosophy is required to understand
how the constituent parts interact to create
behaviours not predictable from the sum of
the parts. Systems theory provides a more
robust conceptual framework which views
risk as an emerging property arising from
the complex and adaptive interactions
which occur within companies, sectors
and economies.
People traditionally focus a lot of energy on
the visible part of risk and uncertainty—the
part above the water in the image. They
identify undesirable outcomes crises and
seek to identify their causes—the events
which lead to them. The information
collected at this level is often categorised
and stored in databases in the belief that
The articulation of risk appetite is at the
Symptoms
heart of exercises like ORSA,
as it explains
the types, and amounts, of uncertainties
that you would like to be exposed to in
pursuing your chosen strategy, those you
will accept as necessary evils and those
you would like to avoid. To operationalise
Causes
the concept, however, it is necessary to
understand how those uncertainties arise
and assign operational parameters to help
the organisation know the boundaries of dayto-day activity. But this is where things get
hard—surely there could
be a million ways in
Sense-making
which profit might not be the figure we
had planned? it can help inform predictions of future
trends—a promise it generally fails to deliver
on. This failure arises because we are still a
way from understanding why these events
took place—we simply know that they did and
what some of the potential consequences
might be. We need to look deeper, and
consider the part of the iceberg underneath
the water in the image below. We have to
seek out the patterns that will help us to
make sense of how the events might be
related in some way, and ultimately seek an
understanding of the underlying mechanism
which produces these. People are generally
afraid to venture beneath the water as they
believe that the complex outcomes we see
are surely the result of impenetrably complex
dynamics and that describing them at this
level would be impossible or prohibitively
complex to be useful. Crisis
Events
Patterns
Complex phenomena have been studied
by a number of disciplines outside of the
business world and itUnderstanding
turns out that the
insights from these are helpful for us here.
System Structure
3
Asia ERM newsletter
february 2014
Some important misconceptions and
myths about the behaviours of complex systems
mean that some of the techniques typically used
can actually be dangerously misleading. The first error is thinking that a complex
systems problem is best solved by reducing
it to a series of simpler parts. The outcomes
of complex systems are emergent, arising
from the interactions of many underlying
parts, and the understanding of these
interactions is crucial to understanding the
system overall. So, unlike merely complicated
systems, complex ones cannot be reduced
and must be studied holistically first. The
second major error is ignoring adaptation
and basing statistical analyses on historical
behaviours which are unlikely to repeat. We
therefore need a way to understand what is
actually going on before we try to simplify our
information or models.
People at the heart
There is an inescapable link between people
and risk, not least because risk itself is a
social construct. Companies are essentially
groups of people, all trying to follow processes
and procedures to achieve the particular
goals of their organisation, introducing
myriad complexities as they go about their
work. But people are not just passive parts
of the system. They are often actively trying
to anticipate outcomes and influence them,
creating feedback and non-linearities. A lack
of complete information and understanding
means that human interventions nearly always
have unintended consequences. In trying to simplify the risk problems we face
we tend to make assumptions about the
behaviours of others. In particular it is often
assumed that everyone is behaving rationally
and that their behaviours are consistent over
time. Neither of these things tend to be true. People also suffer a number of further
cognitive shortcomings when we look at
their role in risk assessment. People rely on
judgmental heuristics (which are influenced
by recent experience) and are fundamentally
poor at assessing probability (Fenton and
Neil (2012) gives a series of good examples
of how people get this wrong) and yet we
consistently rely upon expert opinions in
our risk management activity—even models
calibrated factually with historical data are
relying upon an expert’s opinion that such a
trend will continue into the future.
Another big challenge is that stable
environments naturally select resources
with skills optimised for that environment,
reducing future flexibility. This process of
specialisation and optimisation forms part of
an adaptive cycle (Holing and Gunderson
[2002])—as a company becomes
increasingly optimised and forgoes
resources which assist flexibility it becomes
increasingly fragile and exposed to changes
in the environment. In areas such as
ecology it has increasingly been accepted
that resilience is a far more sensible target
than optimisation when you are dealing with
complex systems, but it does require shortterm inefficiency by investing in resources
which preserve flexibility.
Culture, or rather organisational behaviour,
plays a crucial role in risk management too.
The prevailing behavioural environment can
have profound impacts on the way in which
risks arise and how they are identified,
assessed and managed. In particular, there
is no single mood or culture at any point in
time, but rather a dynamic and evolving blend
of four risk attitudes as described in Ingram
and Thompson (2011):
ƒƒ Pragmatists who believe that the world is
uncertain and unpredictable.
ƒƒ Conservators whose world belief is of
peril and high risk.
ƒƒ Maximisers who see the world as low risk
and fundamentally self-correcting.
ƒƒ Managers whose world is risky,
but not too risky for firms that are
guided properly.
In your head you form a view of the world
that is helpful in making sense of the
complexities around you. It is possible to
largely recover these images by reformatting
narratives about particular topics as cognitive
maps. Each node on the map represents
a concept mentioned in the narrative and
the links between nodes represent the
connections that you make between these
concepts. So, for example, the sentence
increasing life spans is causing a strain on
retirement income could be represented by
the linked nodes increasing life spans and
strain on retirement income.
4
Such maps can contain hundreds of nodes
but the structure of the map lends itself to
rigorous analysis which can identify the most
connected parts of the narrative (immediately
or more globally). These nodes which most
often lead to such important concepts can
also enable the identification of biases from
the respondents and missing elements of the
narrative. Narratives from multiple sources
can be combined into a single coherent view
of the problem.
We therefore need to understand which
blend of risk attitudes we have at any
point in time and the drivers leading
them to change. It is also important to note the overall
culture, or that of subgroups, is an emergent
property of the group and is therefore
different to how someone might behave on
their own. It is important not to judge culture
against some perceived perfection, but to
understand the interaction between it and
risk management activity.
Harnessing
expert input
So, people are at the heart of generating
complexity and the failure to understand its
meaning for risk. All is not lost, however—
there is a range of techniques that can be
used to make sense of these things.
We have seen that people are not
necessarily the best source of information
about risk—but they are often the only source
of information. This is particularly the case
where events are rare or where emerging
trends can be imagined to a new conclusion
that has not been seen before—historical
data will have little or nothing to add to the
analysis of such situations and yet these are
precisely the ones that most risk managers
are faced with on a daily basis. It is possible
to recover the collective insights of your
experts using cognitive techniques, like
cognitive mapping (Eden, 1988) (see above
for a brief overview of cognitive mapping),
to distil a robust and meaningful insight into
what is happening. The use of cognitive
maps to capture and analyse the narrative of
your experts provides a rigorous way to form
a coherent single story. From this you can
develop a deep understanding of the most
important dynamics of your risk profile to
feed into a wide range of risk management
activity, including the ORSA. Forming an understanding of the underlying
drivers of uncertainty is crucial if we are to
make any kind of progress in assessing the
risks that can emerge. In the real world we
are nearly always faced with large gaps in
our data relating to any but the most frequent
observations, so a cognitive method for
getting our first understanding of the system
is invaluable. Assessing
complex risks
There are now a number of additional factors
we can consider in trying to assess and
understand our risks. First we can attempt to
build models which replicate the interesting
dynamics that our experts have explained. The benefits of using a cognitive approach
before proceeding to modelling are
described, for example, in Cantle, Charmaille
et al (2012) financial stresses are serious,
but the political and reputational aspects of
[the organisation’s] critical success factors
mean that failure could very well come from
other directions… Actuarial models are
very powerful… however, for reverse stress
testing the challenge is to know which
scenarios should be considered… The
model simply cannot tell us which scenarios
to look at. We must decide which scenarios
to look at ourselves and then use the model
to evaluate them.
Assuming we have sufficient data, statistical
models may well be capable of mimicking
the outcomes but they have little to say
about the drivers of such outcomes. As
described in Fenton and Neil (2012), it is far
more productive to consider causal models,
such as Bayesian Networks, which help us
to make sense of how risks emerge, are
connected, and how we might represent our
control and mitigation of them. In particular
we would like to be consistent in the way
that we handle uncertainty when we study
our risks, meaning that we have to find a way
to incorporate subjective judgments about
uncertainty. We also need to be able to
revise our views when new evidence
is observed. References
The Bayesian approach permits a subjective
view of uncertainty which enables us to make
much better progress with our risk studies
than the classic frequentist approach that
typical statistics requires.
Fenton, N. and Neil, M. 2012. Risk
assessment and decision analysis with
Bayesian networks
Processes like ORSA demand rigour in
areas where risk management is traditionally
weak, such as capturing judgment and
expert knowledge about things the data
doesn’t know. Framing risk using insights
from other sciences which embrace
complexity, culture and psychology brings
the opportunity to add that rigour and also
improve the resulting insights obtained. This article was originally published in The Actuary: http://tinyurl.com/pxozcuv.
5
Allan, N., Cantle, N., Godfrey, P., Yin, Y.
2012. A review of the use of complex
systems applied to risk appetite and
emerging risks in ERM practice. In British
Actuarial Journal December 2012 pp. 1–72
Cantle, N., Charmaille, J-P., Clarke, M.,
Currie, L. 2012. An Application of Modern
Social Sciences Techniques to Reverse
Stress Testing at the UK Pension Protection
Fund. Paper presented at the ERM
Symposium, Chicago 2013.
Eden, C. 1988. Cognitive Mapping.
European Journal of Operational Research
36(1), 1–13
Holling, C., Gunderson, L. 2002. Panarchy:
Understanding Transformations in Human
and Natural Systems
Ingram, D., Thompson, M. 2011. Changing
Seasons of Risk Attitudes. In The Actuary,
February/March 2011 pp. 20–24
Neil Cantle is a principal
and consulting actuary
with the London office of
Milliman. Contact him at
neil.cantle@milliman.com.
Asia ERM newsletter
february 2014
thought leadership on erm
Milliman’s independent thinking is based on strong theoretical foundations
that allow us to develop pragmatic, implementable solutions for clients in the
Asia Pacific and around the world who are coping with today’s most critical
ERM issues. The following articles and presentations highlight some of our
recent work.
The ERM journey
ORSA: An international
requirement
Milliman video
Eamonn Phelan and Padraic O’Malley,
4 December 2013
Numerous insurance regulators around the world are introducing
ORSA requirements. How do these requirements compare in
Europe (through Solvency II), the US and Australia?
In this short film, Milliman consultants discuss how techniques
for analysing organisational structures and processes can
increase resilience.
Read the full article:
http://tinyurl.com/kubamb4
See the video:
http://tinyurl.com/kfg8c5x
Dynamic policyholder
behaviour and
management actions
survey report
Operational risk
modelling framework
Joshua Corrigan and Paola Luraschi,
13 February 2013
Dominic Clark, Edward Morgan and Jeremy Kent,
3 October 2013
This article provides an overview of current methods and emerging
practices in operational risk across the world.
The results of this survey present current practices for modelling
dynamic policyholder behaviour and management actions in
Europe, the US and Japan.
Read the full article:
http://tinyurl.com/kfakltp
Read the full article:
http://tinyurl.com/kmhj7tq
A review of the use
of complex systems
applied to risk appetite
and emerging risks in
ERM practice
Prediction versus
explanation
Neil J. Cantle, 4 September 2013
Neil Allan, Neil Cantle, Patrick Godfrey
and Yun Yin
Big data is taking us into a new era of decision-making and
learning, insight and explanation.
This study aims to apply new thinking and techniques from complex
systems science to two key problem areas for risk management
and governance: risk appetite and emerging risk.
Read the full article:
http://tinyurl.com/mc6qrzt
Read the full article:
http://tinyurl.com/n8mnu7j
To learn more about Milliman’s ground-breaking research and see other articles on ERM, please visit the Milliman Insight page on our
website at: http://tinyurl.com/mjth4sl
6
erm tools
At Milliman, we pride ourselves on creating technology solutions that help
our clients better understand their risks and develop solutions that are
not only actionable, but understandable. The following ERM tools are being
successfully used by our clients worldwide to better manage their risks.
Please contact your local Milliman consultant if you would like to discuss
how these tools may be of benefit to your organisation.
Milliman STAR
Solutions® - NAVI®
CRisAlis™
NAVI is a powerful software solution with modelling techniques that
help insurance companies reduce risk calculation time and fully
understand their risk exposure.
Complexity-based Risk Analysis – This structured and repeatable
process enables companies to unravel the complex interrelationship
of risks across their business, and provides an early warning system
for emerging risks.
Read the full article:
http://tinyurl.com/lg4r25y
Read the full article:
http://tinyurl.com/kznvqmw
MG-ALFA®
MillimanGRC™
Our dynamic, flexible system dramatically speeds the process of
pricing and/or projecting for a wide range of financial products.
Milliman’s unique governance, risk management, and compliance
(GRC) platform is customizable and enables organizations to view
and analyse their full spectrum of business risks in one place.
Read the full article:
http://tinyurl.com/n2utbtg
Read the full article:
http://tinyurl.com/mzq7kjs
ECSight™
MG-Hedge®
Designed for economic capital and risk analysis, our enterprise-level
software system delivers timely and actionable balance sheet
insight to support risk management and strategic decision making.
Milliman’s proprietary system for risk analysis and hedging of market
exposures provides clients with crucial technology.
Read the full article:
http://tinyurl.com/lewuymk
Read the full article:
http://tinyurl.com/l4am6fu
7
11
Asia ERM newsletter
february 2014
Contact Information
For further information on ERM, feel free to contact your local Milliman consultant or:
Australia
Joshua Corrigan
joshua.corrigan@milliman.com
Japan
Masaaki Yoshimura
masaaki.yoshimura@milliman.com
Mainland China / Taiwan
Wing Wong
wing.wong@milliman.com
Korea
Chihong An
chihong.an@milliman.com
Hong Kong
Michael Daly
michael.daly@milliman.com
Singapore
Richard Holloway
richard.holloway@milliman.com
Nigel Knowles
nigel.knowles@milliman.com
Wen Yee Lee
wenyee.lee@milliman.com
Paul Sinnott
paul.sinnott@milliman.com
UK
Neil Cantle
neil.cantle@milliman.com
India
Sanket Kawatkar
sanket.kawatkar@milliman.com
About
Milliman
Milliman is among the world’s largest
providers of actuarial and related products
and services. The firm has consulting
practices in healthcare, property & casualty
insurance, life insurance and financial
services, and employee benefits. Founded
in 1947, Milliman is an independent firm with
offices in major cities around the globe.
milliman.com
learn more
milliman.com/EnterpriseRiskManagement
This leaflet is designed to keep readers abreast of current developments, but it is not intended to be a comprehensive statement of the law and no liability for errors of fact or
opinions contained herein is accepted. Please take professional advice before applying this to your particular circumstances.
Copyright © 2014 Milliman Corporation. All rights reserved.